My Takeaways from the 2019 DBIR Report

Many years ago, Verizon started a trend by releasing their Data Breach Investigations Report, and today there are dozens of companies releasing similar offerings. But even with all the competition, some of which is quite good, the original DBIR report is still my favorite.

Meta

This year they included 41,686 security incidents and 2,013 data breaches

There were 73 data sources spanning 86 countries

Perpetrators

69% of attacks came from outsiders

34% involved internal actors

They say only 5% involved partners, which I would have thought would be higher

Techniques

Keep in mind that many incidents/breaches fall into multiple categories.

Around half involved “hacking”

1/3 included social engineering

Around 1/3 involved malware

They say only around 4% involved a physical component, which I find fascinating. Coming from such a major report, this could lead some to spend less on physical pentesting. Although, maybe that 4% were the ones that mattered most.

Victims

Almost half the victims were small businesses

Attack types vs. industries

Denial of service and hacking were popular across many industries

The server itself was the most popular target

Hospitality (Accommodation) had serious issues with malware and hacking

Their key analysis points

Executives are being targeted (between 9 and 12 times more than in the past)

Attackers are following companies into the cloud

Web-app-based payment systems are catching up to physical terminal compromises. This is interesting, since I would have thought this crossover would have happened a long time ago. They say Chip and PIN could be a major factor in this

Ransomware is still a very common technique

Maybe we need to build campaigns that more specifically target mobile?

Phishing is quite effective on mobile devices

Miscellaneous Errors continue to be represented in many patterns, especially in industries that are usually understaffed and underskilled (healthcare, education, etc.)